The World Cup: Prime Time for Sports Fans and Cybercriminals | Imperva


From November 20 to December 18, fans from all over the world are tuned into the World Cup tournament in Qatar. While this is a major event for sports fans, it’s also prime time for bad actors. Large sporting events lead to increased levels of activity across sports and gambling sites, along with opportunities for cybercriminals to steal personal information and money from these sites, both in the weeks leading up to, and during, the competition.


Sports sites saw a sharp increase in traffic at the beginning of November, and requests peaked on November 25, which coincided with several matches, most notably USA vs England.

World Cup Traffic by Day Sports Sites

Requests to gambling sites steadily increased in early November as matches began, and were highest during the Round of 16. Requests increased during the weekend of the quarterfinals and are increasing again ahead of the final games of the tournament.

World Cup Traffic by Day to Gambling Sites

Country-specific traffic to gambling and sports sites largely coincided with matches played by their national teams, especially those during the quarterfinals. Traffic to Brazilian and Portuguese sites, however, was highest during the Round of 16 matches instead of the quarterfinals. 

World Cup Traffic on Netherlands Sites

World Cup Traffic to Sites in Morocco


This year, Imperva observed large amounts of traffic to World Cup-related sites. Sports and gambling industries have both seen higher-than-average levels of attacks and traffic that began in early November, leading up to the tournament.

The main threat to these sites originates from bots conducting account takeover (ATO), account creation, scalping, and scraping. Account creation bots likely target sports sites to skew analytics or to abuse free trials and subscriptions in order to stream the games. Scraping is used to pull team analytics and sports information en masse. Scalping may be related to bots attempting to purchase team-related merchandise.

World Cup Sporting Site Bot Categories

Meanwhile, gambling sites are heavily targeted by ATO in order to steal legitimate accounts and access their payouts and wallets. Scraping, another significant threat category, is likely associated with attempts to pull odds data for profit.

World Cup Gambling Sites Bot Traffic Categories

ATO skyrocketed at the start of the tournament, and rose again during the Round of 16 matches. Bots likely targeted gambling accounts early during tournament play in order to gain access to wallets throughout the tournament.

World Cup ATO Traffic on Gambling Sites

The majority of bots are simple bots, which come from a single IP address and connect to sites using automated scripts masquerading as browsers. Moderate bots, at about a quarter of the bot traffic, are slightly more complex: they use “headless browser” software to simulate browser technology, including the ability to execute JavaScript. Advanced bots are by far the smallest category. These are far more evasive, and use browser automation software or malware installed in real browsers to connect to sites.

World Cup Bot Traffic Types
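As an added illustration (not Imperva's detection logic and not code from the original post), the Python example below flags the single-IP ATO pattern described above: one address attempting logins against many distinct accounts, mostly failing, inside a short window. The event tuple layout, the thresholds, and the function name `flag_single_ip_ato` are assumptions made for the example, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample login events: (epoch_seconds, client_ip, username, success).
# Addresses are RFC 5737 documentation ranges; none of this is real traffic.
SAMPLE_EVENTS = (
    # One address cycling through six accounts in a minute; the last guess works.
    [(1000 + 10 * i, "203.0.113.50", f"user{i}", i == 5) for i in range(6)]
    # A real user mistyping a password twice, then logging in.
    + [(1000, "198.51.100.7", "alice", False), (1020, "198.51.100.7", "alice", False),
       (1045, "198.51.100.7", "alice", True)]
    # Five customers behind one NAT address, all logging in successfully.
    + [(1100 + 20 * i, "192.0.2.10", f"fan{i}", True) for i in range(5)]
    # Five failed guesses spaced 1000 s apart, outside the default window.
    + [(1000 * i, "198.51.100.99", f"acct{i}", False) for i in range(1, 6)]
)


def flag_single_ip_ato(events, window_s=300, min_accounts=5, min_fail_ratio=0.8):
    """Return {ip: (distinct_accounts, fail_ratio)} for every IP whose login
    attempts, within some window_s-second sliding window, touch at least
    min_accounts usernames with a failure ratio of at least min_fail_ratio."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()                      # chronological order per address
        window = deque()
        for attempt in attempts:
            window.append(attempt)
            # Drop attempts older than the window relative to the newest one.
            while window[0][0] < attempt[0] - window_s:
                window.popleft()
            accounts = {user for _, user, _ in window}
            fail_ratio = sum(1 for _, _, ok in window if not ok) / len(window)
            if len(accounts) >= min_accounts and fail_ratio >= min_fail_ratio:
                # Keep the worst window seen for this address.
                candidate = (len(accounts), round(fail_ratio, 2))
                flagged[ip] = max(flagged.get(ip, (0, 0.0)), candidate)
    return flagged


if __name__ == "__main__":
    for ip, (accounts, ratio) in flag_single_ip_ato(SAMPLE_EVENTS).items():
        print(f"{ip}: {accounts} accounts tried, {ratio:.0%} failed")
```

Grouping by address matches only the simple-bot category; the NAT address with successful logins is not flagged, and the slowly paced address stays under the default window until `window_s` is widened.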

Overall, attacks on sports and gambling sites in the past month have shown just how important it is to protect your assets against cyberattacks. Global events, like the World Cup tournament, offer attackers plenty of opportunities to steal information for their own personal gain. Take action to protect your site today. 


WORLD CUP is a trademark of Federation Internationale de Football Association (“FIFA”).